Is My Treatment Confidential?

The Encarta Dictionary defines confidential as “private and secret; carried out or revealed in the expectation that anything done or revealed will be kept private,” or “dealing with private affairs-entrusted with somebody’s personal or private matters.”

It has long been recognized by society that certain communications will not be made unless they are understood to be confidential. Common examples of confidential communications that are protected from disclosure are communications between an individual and his minister or between an individual and her attorney.

Most of us know that, except in extremely rare cases, disclosures to attorneys and ministers cannot be voluntarily revealed by the attorney or minister nor can they be forced to reveal the communications by the court.

Many people who have a substance abuse problem are not willing to get help unless they can be certain that their treatment is confidential. This problem was first addressed by Congress when it enacted 42 C.F.R. Part 2 (“Part 2”). Part 2 prohibits substance abuse treatment programs, including medical detox facilities, from the unauthorized disclosure of any information that identifies their patients as substance abusers or as a patient in a substance abuse program– including any verification of information that may be already known to the person asking.

In December, 2000, the Department of Health and Human Services (HHS) issued the “Standards for Privacy of Individually Identifiable Health Information” final rule, pursuant to the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR Parts 160 and 164, Subparts A and E which applies to substance abuse treatment programs-including medical detox programs.

HIPAA adds even more privacy protection by preventing unauthorized disclosure of all protected health information (“PHI”). PHI is defined as anything that relates to:

the past, present, or future physical or mental health or condition of an individual;

the provision of health care to an individual;

the past, present, or future payment for the provision of health care to an individual.

While Part 2 applies only to substance abuse programs, HIPAA applies to almost all of the health care industry and to employers, insurance companies and even schools.Part 2 and HIPAA don’t just apply to employees of the facility but to anyone that gains access to the information-volunteers, outside vendors and others. Further, both require the information about a patient to be kept confidential forever.

Finally, the prohibition on disclosure not only applies to patients of facilities but also to people who applied for admission but were never patients and to deceased patients.

WHAT IS A DISCLOSURE UNDER HIPAA AND PART 2?

A disclosure occurs when information is disclosed or revealed, no matter how it is communicated – whether in writing, orally, electronically, or otherwise.

This prohibition on disclosure is very extensive and sometimes seems contrary to common sense. For example, if a father brings his son to a facility and then later that day calls the facility to ask how the son is doing, unless the son has signed a specific consent allowing the facility to speak with the father, the facility cannot tell the father that the son is there or any details about his treatment.

The prohibition applies even if a person is ordered to substance abuse treatment by a court. Unless the patient signs a consent for the court to know their presence or treatment, the facility cannot respond to a request from the court for the status of a patient and cannot even confirm that the patient is at the facility.

Even subpoenas and arrest or search warrants are only enforceable if they meet the special requirements of Part 2.

WHEN ARE DISCLOSURES AUTHORIZED?

Disclosures are permissible if the patient has signed a consent form that meets the requirements of Part 2 and of HIPAA.

A valid consent form must be in writing and will contain the following:

Facility name and the name of the recipient of disclosure;

Patient name and purpose of the disclosure;

Description of the information to be disclosed and a statement of the patient’s right to revoke the consent at any time;

If the program can condition treatment on the patient signing the consent;

The date or reason when the consent expires if not revoked earlier;

Signature of patient and date signed by the patient.

If a facility has a valid consent form signed by the patient, information about the patient can be disclosed to the person authorized in the consent form and to the extent authorized in the consent form. For example, a patient may sign a consent form authorizing a medical detox facility to speak with his mother and answer any questions that she has about his presence at the facility, the treatment that he is receiving and his progress. In this event, when the mother calls, the facility may tell the mother that her son had a tough night but is doing better and the facility expects him to be tapered off all drugs by a certain date.

However, assume the patient signed another consent form authorizing the facility to only tell his father that he was at the facility but to provide him no other information. If the father called and asked how his son was doing, the facility would only be able to say that the son was at the facility. If the son did not sign a consent for the facility to speak with the father, the facility could not even confirm or deny that the son was at the facility if the father called.

Sometimes a facility can respond to a patient’s request and violate Part 2 and/or HIPAA. For example, a patient may ask the nurse to have the facility’s finance office contact their insurance company to determine if the patient’s insurance will cover the patient’s stay. Because the patient’s consent must be in writing to be effective, if the facility did not have a signed consent form but contacted the patient’s insurance company and asked about any benefits available, the facility will have violated Part 2 and HIPAA.

Even if a former patient calls from a police station and desperately asks the facility to fax a record of their attendance to the police department, the facility is not able to comply with the request until they receive a signed consent from the former patient.

ARE ANY UNAUTHORIZED DISCLOSURES PERMITTED?

There are some disclosures that can be made without the patient’s consent. Both Part 2 and HIPAA permit certain limited disclosures to law enforcement officers. Part 2 allows disclosures directly related to crimes and threats to commit crimes on program premises or against program personnel and must be limited to the circumstances of the incident and the patient’s status, name, address and last known whereabouts.

HIPAA permits disclosures to law enforcement officials of PHI that the program believes in good faith constitutes evidence of a crime that occurred on the program’s premises. It also allows any program staff member who was the victim of a crime to report certain information to law enforcement officials.

Both HIPAA and Part 2 allow facilities to comply with state laws relating to reporting evidence of child abuse. If a patient tells a staff member that she feels bad because she has been leaving her infant son alone for hours at a time and the state law requires the facility to report this, then the facility must report this to the appropriate state agency even if the patient objects.

Another type of disclosure that is permitted about the patient is if emergency medical services are needed. For example, if the patient has to be taken to a medical facility it is permissible for the facility to disclose any information about the patient and the patient’s treatment that is reasonably necessary for the treatment of the patient.

Another permitted disclosure is when facility staff need to communicate with each other about the patient when performing their duties. This type of disclosure is only allowed if it is necessary to perform a staff member’s duties. It is not permissible to make a disclosure to the cleaning staff that the patient was using heroin before the patient was admitted.

WHAT ARE THE PENALTIES FOR VIOLATING PART 2 OR HIPAA?

Violators of confidentiality rules under HIPAA and Part 2 are subject to civil penalties from $100 per violation up to $25,000, and criminal penalties up to $250,000 and 10 years in prison for intentional disclosure.

However, if a patient’s confidentiality rights are violated under HIPAA, they cannot bring a suit against the violator but must file a complaint with the U.S. Department of Health and Human Services (“HHS”). If a patient’s confidentiality rights under Part 2 were violated, again they cannot bring suit but must file a complaint with the U.S. Attorney’s office.

Any civil or criminal prosecution of a violator can only be done by the HHS or the U.S. Attorney’s office.

CONCLUSION

While they may seem cumbersome at times, Part 2 and HIPAA have effectively created a wall that protects the confidentiality of patients at substance abuse facilities.

There is hope for a new life.Call to speak to one of our experienced & caring detox advisors today!1-866-303-3848

Recent Blog Articles

Survey finds teen drug use dec…

A nationwide survey has found that – except for pot/marijuana – the use of drugs, alcohol and tobacco among American high school students has… Learn more.

How Long Will My Detox Be?…

When someone decides that they need to go to a medical detox facility to help them withdraw from a drug or alcohol, they are concerned about a number… Learn more.

Nick Vujicic: From No Limbs To…

Nick Vujicic (pronounced Voo-yee-chich) was born 28 years ago in Melbourne, Australia, the first child of a young Serbian couple.
When his father,… Learn more.